---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: loki-loki-distributed
  labels:
    app.kubernetes.io/name: loki-distributed
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "2.2.1"
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: loki-loki-distributed
  labels:
    app.kubernetes.io/name: loki-distributed
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "2.2.1"
data:
  config.yaml: |
    auth_enabled: false
    
    server:
      http_listen_port: 3100
      
    distributor:
      ring:
        kvstore:
          store: memberlist
    
    memberlist:
      join_members:
        - loki-loki-distributed-memberlist
    
    ingester:
      lifecycler:
        ring:
          kvstore:
            store: memberlist
          replication_factor: 1
      chunk_idle_period: 30m
      chunk_block_size: 262144
      chunk_encoding: snappy
      chunk_retain_period: 1m
      max_transfer_retries: 0
    
    limits_config:
      enforce_metric_name: false
      reject_old_samples: true
      reject_old_samples_max_age: 168h
      max_cache_freshness_per_query: 10m
    
    schema_config:
      configs:
        - from: 2021-07-07
          store: boltdb-shipper
          object_store: aws
          schema: v11
          index:
            prefix: loki_index_
            period: 24h
    
    storage_config:
      aws:
        #s3: s3://${MINIO_USERNAME}:${MINIO_PASSWORD}@${MINIO_HOST}:${MINIO_PORT}/loki
        bucketnames: loki
        endpoint: ${MINIO_HOST}
        access_key_id: ${MINIO_USERNAME}
        secret_access_key: ${MINIO_PASSWORD}
        insecure: true
        s3forcepathstyle: true
      boltdb_shipper:
        shared_store: s3
        active_index_directory: /var/loki/index
        cache_location: /var/loki/cache
        cache_ttl: 24h
    
    chunk_store_config:
      max_look_back_period: 24h
    
    table_manager:
      retention_deletes_enabled: false
      retention_period: 96h
    
    query_range:
      align_queries_with_step: true
      max_retries: 5
      split_queries_by_interval: 15m
      cache_results: true
      results_cache:
        cache:
          enable_fifocache: true
          fifocache:
            max_size_items: 1024
            validity: 24h
    
    frontend_worker:
      frontend_address: loki-loki-distributed-query-frontend:9095
    
    frontend:
      log_queries_longer_than: 5s
      compress_responses: true
      tail_proxy_url: http://loki-loki-distributed-querier:3100
    
    compactor:
      shared_store: filesystem
    
    ruler:
      storage:
        type: local
        local:
          directory: /etc/loki/rules
      ring:
        kvstore:
          store: memberlist
      rule_path: /tmp/loki/scratch
      alertmanager_url: https://alertmanager.xx
      external_url: https://alertmanager.xx
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: loki-loki-distributed-gateway
  labels:
    app.kubernetes.io/name: loki-distributed
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "2.2.1"
    app.kubernetes.io/component: gateway
data:
  nginx.conf: |
    worker_processes  5;  ## Default: 1
    error_log  /dev/stderr;
    pid        /tmp/nginx.pid;
    worker_rlimit_nofile 8192;
    
    events {
      worker_connections  4096;  ## Default: 1024
    }
    
    http {
      client_body_temp_path /tmp/client_temp;
      proxy_temp_path       /tmp/proxy_temp_path;
      fastcgi_temp_path     /tmp/fastcgi_temp;
      uwsgi_temp_path       /tmp/uwsgi_temp;
      scgi_temp_path        /tmp/scgi_temp;
    
      default_type application/octet-stream;
      log_format   main '$remote_addr - $remote_user [$time_local]  $status '
            '"$request" $body_bytes_sent "$http_referer" '
            '"$http_user_agent" "$http_x_forwarded_for"';
      access_log   /dev/stderr  main;
      sendfile     on;
      tcp_nopush   on;
      resolver coredns.kube-system.svc.cluster.local;
    
      server {
        listen             8080;
    
        location = / {
          return 200 'OK';
          auth_basic off;
        }
    
        location = /api/prom/push {
          proxy_pass       http://loki-loki-distributed-distributor.loki.svc.cluster.local:3100$request_uri;
        }
    
        location = /api/prom/tail {
          proxy_pass       http://loki-loki-distributed-querier.loki.svc.cluster.local:3100$request_uri;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade";
        }
    
        location ~ /api/prom/.* {
          proxy_pass       http://loki-loki-distributed-query-frontend.loki.svc.cluster.local:3100$request_uri;
        }
    
        location = /loki/api/v1/push {
          proxy_pass       http://loki-loki-distributed-distributor.loki.svc.cluster.local:3100$request_uri;
        }
    
        location = /loki/api/v1/tail {
          proxy_pass       http://loki-loki-distributed-querier.loki.svc.cluster.local:3100$request_uri;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade";
        }
    
        location ~ /loki/api/.* {
          proxy_pass       http://loki-loki-distributed-query-frontend.loki.svc.cluster.local:3100$request_uri;
        }
      }
    }
---
apiVersion: v1
kind: Service
metadata:
  name: loki-loki-distributed-distributor
  labels:
    app.kubernetes.io/name: loki-distributed
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "2.2.1"
    app.kubernetes.io/component: distributor
spec:
  type: ClusterIP
  ports:
    - name: http
      port: 3100
      targetPort: http
      protocol: TCP
    - name: grpc
      port: 9095
      targetPort: grpc
      protocol: TCP
  selector:
    app.kubernetes.io/name: loki-distributed
    app.kubernetes.io/instance: loki
    app.kubernetes.io/component: distributor
---
apiVersion: v1
kind: Service
metadata:
  name: loki-loki-distributed-gateway
  labels:
    app.kubernetes.io/name: loki-distributed
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "2.2.1"
    app.kubernetes.io/component: gateway
spec:
  type: ClusterIP
  ports:
    - name: http
      port: 80
      targetPort: http
      protocol: TCP
  selector:
    app.kubernetes.io/name: loki-distributed
    app.kubernetes.io/instance: loki
    app.kubernetes.io/component: gateway
---
apiVersion: v1
kind: Service
metadata:
  name: loki-loki-distributed-ingester-headless
  labels:
    app.kubernetes.io/name: loki-distributed
    app.kubernetes.io/instance: loki
    app.kubernetes.io/component: ingester
spec:
  type: ClusterIP
  clusterIP: None
  ports:
    - name: http
      port: 3100
      targetPort: http
      protocol: TCP
    - name: grpc
      port: 9095
      targetPort: grpc
      protocol: TCP
  selector:
    app.kubernetes.io/name: loki-distributed
    app.kubernetes.io/instance: loki
    app.kubernetes.io/component: ingester
---
apiVersion: v1
kind: Service
metadata:
  name: loki-loki-distributed-ingester
  labels:
    app.kubernetes.io/name: loki-distributed
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "2.2.1"
    app.kubernetes.io/component: ingester
spec:
  type: ClusterIP
  ports:
    - name: http
      port: 3100
      targetPort: http
      protocol: TCP
    - name: grpc
      port: 9095
      targetPort: grpc
      protocol: TCP
  selector:
    app.kubernetes.io/name: loki-distributed
    app.kubernetes.io/instance: loki
    app.kubernetes.io/component: ingester
---
apiVersion: v1
kind: Service
metadata:
  name: loki-loki-distributed-querier-headless
  labels:
    app.kubernetes.io/name: loki-distributed
    app.kubernetes.io/instance: loki
    app.kubernetes.io/component: querier
spec:
  type: ClusterIP
  clusterIP: None
  ports:
    - name: http
      port: 3100
      targetPort: http
      protocol: TCP
    - name: grpc
      port: 9095
      targetPort: grpc
      protocol: TCP
  selector:
    app.kubernetes.io/name: loki-distributed
    app.kubernetes.io/instance: loki
    app.kubernetes.io/component: querier
---
apiVersion: v1
kind: Service
metadata:
  name: loki-loki-distributed-querier
  labels:
    app.kubernetes.io/name: loki-distributed
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "2.2.1"
    app.kubernetes.io/component: querier
spec:
  type: ClusterIP
  ports:
    - name: http
      port: 3100
      targetPort: http
      protocol: TCP
    - name: grpc
      port: 9095
      targetPort: grpc
      protocol: TCP
  selector:
    app.kubernetes.io/name: loki-distributed
    app.kubernetes.io/instance: loki
    app.kubernetes.io/component: querier
---
apiVersion: v1
kind: Service
metadata:
  name: loki-loki-distributed-query-frontend
  labels:
    app.kubernetes.io/name: loki-distributed
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "2.2.1"
    app.kubernetes.io/component: query-frontend
spec:
  type: ClusterIP
  clusterIP: None
  ports:
    - name: http
      port: 3100
      targetPort: http
      protocol: TCP
    - name: grpc
      port: 9095
      targetPort: grpc
      protocol: TCP
  selector:
    app.kubernetes.io/name: loki-distributed
    app.kubernetes.io/instance: loki
    app.kubernetes.io/component: query-frontend
---
apiVersion: v1
kind: Service
metadata:
  name: loki-loki-distributed-memberlist
  labels:
    app.kubernetes.io/name: loki-distributed
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "2.2.1"
spec:
  type: ClusterIP
  clusterIP: None
  ports:
    - name: http
      port: 7946
      targetPort: http-memberlist
      protocol: TCP
  selector:
    app.kubernetes.io/name: loki-distributed
    app.kubernetes.io/instance: loki
    app.kubernetes.io/part-of: memberlist
---
apiVersion: v1
kind: Service
metadata:
  name: loki-loki-distributed-table-manager
  labels:
    app.kubernetes.io/name: loki-distributed
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "2.2.1"
    app.kubernetes.io/component: table-manager
spec:
  type: ClusterIP
  ports:
    - name: http
      port: 3100
      targetPort: http
      protocol: TCP
    - name: grpc
      port: 9095
      targetPort: grpc
      protocol: TCP
  selector:
    app.kubernetes.io/name: loki-distributed
    app.kubernetes.io/instance: loki
    app.kubernetes.io/component: table-manager
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: loki-loki-distributed-distributor
  labels:
    app.kubernetes.io/name: loki-distributed
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "2.2.1"
    app.kubernetes.io/component: distributor
    app.kubernetes.io/part-of: memberlist
spec:
  replicas: 1
  strategy:
    rollingUpdate:
      maxSurge: 0
      maxUnavailable: 1
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      app.kubernetes.io/name: loki-distributed
      app.kubernetes.io/instance: loki
      app.kubernetes.io/component: distributor
  template:
    metadata:
      annotations:
        checksum/config: 1cfe7aacd6108fd07a2d5e53dc3f297f622ef5c12a96105f65fbb92ff241858f
      labels:
        app.kubernetes.io/name: loki-distributed
        app.kubernetes.io/instance: loki
        app.kubernetes.io/component: distributor
        app.kubernetes.io/part-of: memberlist
    spec:
      serviceAccountName: loki-loki-distributed
      
      securityContext:
        fsGroup: 10001
        runAsGroup: 10001
        runAsNonRoot: true
        runAsUser: 10001
      terminationGracePeriodSeconds: 30
      containers:
        - name: loki
          image: docker.io/grafana/loki:2.2.1
          imagePullPolicy: IfNotPresent
          args:
            - -config.file=/etc/loki/config/config.yaml
            - -target=distributor
            - -config.expand-env=true
          ports:
            - name: http
              containerPort: 3100
              protocol: TCP
            - name: grpc
              containerPort: 9095
              protocol: TCP
            - name: http-memberlist
              containerPort: 7946
              protocol: TCP
          env:
            - name: MINIO_PROTO
              valueFrom:
                secretKeyRef:
                  key: MINIO_PROTO
                  name: s3-credentials
            - name: MINIO_HOST
              valueFrom:
                secretKeyRef:
                  key: MINIO_HOST
                  name: s3-credentials
            - name: MINIO_USERNAME
              valueFrom:
                secretKeyRef:
                  key: MINIO_USERNAME
                  name: s3-credentials
            - name: MINIO_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: MINIO_PASSWORD
                  name: s3-credentials
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
              - ALL
            readOnlyRootFilesystem: true
          readinessProbe:
            httpGet:
              path: /ready
              port: http
            initialDelaySeconds: 30
            timeoutSeconds: 1
          volumeMounts:
            - name: config
              mountPath: /etc/loki/config
          resources:
            {}
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  app.kubernetes.io/name: loki-distributed
                  app.kubernetes.io/instance: loki
                  app.kubernetes.io/component: distributor
              topologyKey: kubernetes.io/hostname
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app.kubernetes.io/name: loki-distributed
                    app.kubernetes.io/instance: loki
                    app.kubernetes.io/component: distributor
                topologyKey: failure-domain.beta.kubernetes.io/zone
        
      volumes:
        - name: config
          configMap:
            name: loki-loki-distributed
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: loki-loki-distributed-gateway
  labels:
    app.kubernetes.io/name: loki-distributed
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "2.2.1"
    app.kubernetes.io/component: gateway
spec:
  replicas: 1
  strategy:
    type: RollingUpdate
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      app.kubernetes.io/name: loki-distributed
      app.kubernetes.io/instance: loki
      app.kubernetes.io/component: gateway
  template:
    metadata:
      annotations:
        checksum/config: dd9c0df62dedc71ef82a222b1babf4513a7be686851c73162a52d654e606708c
      labels:
        app.kubernetes.io/name: loki-distributed
        app.kubernetes.io/instance: loki
        app.kubernetes.io/component: gateway
    spec:
      serviceAccountName: loki-loki-distributed
      
      securityContext:
        fsGroup: 101
        runAsGroup: 101
        runAsNonRoot: true
        runAsUser: 101
      terminationGracePeriodSeconds: 30
      containers:
        - name: nginx
          image: docker.io/nginxinc/nginx-unprivileged:1.19-alpine
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
              containerPort: 8080
              protocol: TCP
          readinessProbe:
            httpGet:
              path: /
              port: http
            initialDelaySeconds: 15
            timeoutSeconds: 1
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
              - ALL
            readOnlyRootFilesystem: true
          volumeMounts:
            - name: config
              mountPath: /etc/nginx
            - name: tmp
              mountPath: /tmp
            - name: docker-entrypoint-d-override
              mountPath: /docker-entrypoint.d
          resources:
            {}
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  app.kubernetes.io/name: loki-distributed
                  app.kubernetes.io/instance: loki
                  app.kubernetes.io/component: gateway
              topologyKey: kubernetes.io/hostname
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app.kubernetes.io/name: loki-distributed
                    app.kubernetes.io/instance: loki
                    app.kubernetes.io/component: gateway
                topologyKey: failure-domain.beta.kubernetes.io/zone
        
      volumes:
        - name: config
          configMap:
            name: loki-loki-distributed-gateway
        - name: tmp
          emptyDir: {}
        - name: docker-entrypoint-d-override
          emptyDir: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: loki-loki-distributed-query-frontend
  labels:
    app.kubernetes.io/name: loki-distributed
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "2.2.1"
    app.kubernetes.io/component: query-frontend
spec:
  replicas: 1
  strategy:
    rollingUpdate:
      maxSurge: 0
      maxUnavailable: 1
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      app.kubernetes.io/name: loki-distributed
      app.kubernetes.io/instance: loki
      app.kubernetes.io/component: query-frontend
  template:
    metadata:
      annotations:
        checksum/config: 1cfe7aacd6108fd07a2d5e53dc3f297f622ef5c12a96105f65fbb92ff241858f
      labels:
        app.kubernetes.io/name: loki-distributed
        app.kubernetes.io/instance: loki
        app.kubernetes.io/component: query-frontend
    spec:
      serviceAccountName: loki-loki-distributed
      
      securityContext:
        fsGroup: 10001
        runAsGroup: 10001
        runAsNonRoot: true
        runAsUser: 10001
      terminationGracePeriodSeconds: 30
      containers:
        - name: loki
          image: docker.io/grafana/loki:2.2.1
          imagePullPolicy: IfNotPresent
          args:
            - -config.file=/etc/loki/config/config.yaml
            - -target=query-frontend
            - -config.expand-env=true
          ports:
            - name: http
              containerPort: 3100
              protocol: TCP
            - name: grpc
              containerPort: 9095
              protocol: TCP
          env:
            - name: MINIO_PROTO
              valueFrom:
                secretKeyRef:
                  key: MINIO_PROTO
                  name: s3-credentials
            - name: MINIO_HOST
              valueFrom:
                secretKeyRef:
                  key: MINIO_HOST
                  name: s3-credentials
            - name: MINIO_USERNAME
              valueFrom:
                secretKeyRef:
                  key: MINIO_USERNAME
                  name: s3-credentials
            - name: MINIO_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: MINIO_PASSWORD
                  name: s3-credentials
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
              - ALL
            readOnlyRootFilesystem: true
          volumeMounts:
            - name: config
              mountPath: /etc/loki/config
          resources:
            {}
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  app.kubernetes.io/name: loki-distributed
                  app.kubernetes.io/instance: loki
                  app.kubernetes.io/component: query-frontend
              topologyKey: kubernetes.io/hostname
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app.kubernetes.io/name: loki-distributed
                    app.kubernetes.io/instance: loki
                    app.kubernetes.io/component: query-frontend
                topologyKey: failure-domain.beta.kubernetes.io/zone
        
      volumes:
        - name: config
          configMap:
            name: loki-loki-distributed
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: loki-loki-distributed-table-manager
  labels:
    app.kubernetes.io/name: loki-distributed
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "2.2.1"
    app.kubernetes.io/component: table-manager
spec:
  replicas: 1
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      app.kubernetes.io/name: loki-distributed
      app.kubernetes.io/instance: loki
      app.kubernetes.io/component: table-manager
  template:
    metadata:
      annotations:
        checksum/config: 1cfe7aacd6108fd07a2d5e53dc3f297f622ef5c12a96105f65fbb92ff241858f
      labels:
        app.kubernetes.io/name: loki-distributed
        app.kubernetes.io/instance: loki
        app.kubernetes.io/component: table-manager
    spec:
      serviceAccountName: loki-loki-distributed
      securityContext:
        fsGroup: 10001
        runAsGroup: 10001
        runAsNonRoot: true
        runAsUser: 10001
      terminationGracePeriodSeconds: 30
      containers:
        - name: loki
          image: docker.io/grafana/loki:2.2.1
          imagePullPolicy: IfNotPresent
          args:
            - -config.file=/etc/loki/config/config.yaml
            - -target=table-manager
            - -config.expand-env=true
          ports:
            - name: http
              containerPort: 3100
              protocol: TCP
            - name: grpc
              containerPort: 9095
              protocol: TCP
          env:
            - name: MINIO_PROTO
              valueFrom:
                secretKeyRef:
                  key: MINIO_PROTO
                  name: s3-credentials
            - name: MINIO_HOST
              valueFrom:
                secretKeyRef:
                  key: MINIO_HOST
                  name: s3-credentials
            - name: MINIO_USERNAME
              valueFrom:
                secretKeyRef:
                  key: MINIO_USERNAME
                  name: s3-credentials
            - name: MINIO_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: MINIO_PASSWORD
                  name: s3-credentials
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
              - ALL
            readOnlyRootFilesystem: true
          readinessProbe:
            httpGet:
              path: /ready
              port: http
            initialDelaySeconds: 30
            timeoutSeconds: 1
          volumeMounts:
            - name: config
              mountPath: /etc/loki/config
          resources:
            {}
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  app.kubernetes.io/name: loki-distributed
                  app.kubernetes.io/instance: loki
                  app.kubernetes.io/component: table-manager
              topologyKey: kubernetes.io/hostname
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app.kubernetes.io/name: loki-distributed
                    app.kubernetes.io/instance: loki
                    app.kubernetes.io/component: table-manager
                topologyKey: failure-domain.beta.kubernetes.io/zone
      volumes:
        - name: config
          configMap:
            name: loki-loki-distributed
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: loki-loki-distributed-ingester
  labels:
    app.kubernetes.io/name: loki-distributed
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "2.2.1"
    app.kubernetes.io/component: ingester
    app.kubernetes.io/part-of: memberlist
spec:
  replicas: 1
  podManagementPolicy: Parallel
  updateStrategy:
    rollingUpdate:
      partition: 0
  serviceName: loki-loki-distributed-ingester-headless
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      app.kubernetes.io/name: loki-distributed
      app.kubernetes.io/instance: loki
      app.kubernetes.io/component: ingester
  template:
    metadata:
      annotations:
        checksum/config: 1cfe7aacd6108fd07a2d5e53dc3f297f622ef5c12a96105f65fbb92ff241858f
      labels:
        app.kubernetes.io/name: loki-distributed
        app.kubernetes.io/instance: loki
        app.kubernetes.io/component: ingester
        app.kubernetes.io/part-of: memberlist
    spec:
      serviceAccountName: loki-loki-distributed
      
      securityContext:
        fsGroup: 10001
        runAsGroup: 10001
        runAsNonRoot: true
        runAsUser: 10001
      terminationGracePeriodSeconds: 300
      containers:
        - name: loki
          image: docker.io/grafana/loki:2.2.1
          imagePullPolicy: IfNotPresent
          args:
            - -config.file=/etc/loki/config/config.yaml
            - -target=ingester
            - -config.expand-env=true
          ports:
            - name: http
              containerPort: 3100
              protocol: TCP
            - name: grpc
              containerPort: 9095
              protocol: TCP
            - name: http-memberlist
              containerPort: 7946
              protocol: TCP
          env:
            - name: MINIO_PROTO
              valueFrom:
                secretKeyRef:
                  key: MINIO_PROTO
                  name: s3-credentials
            - name: MINIO_HOST
              valueFrom:
                secretKeyRef:
                  key: MINIO_HOST
                  name: s3-credentials
            - name: MINIO_USERNAME
              valueFrom:
                secretKeyRef:
                  key: MINIO_USERNAME
                  name: s3-credentials
            - name: MINIO_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: MINIO_PASSWORD
                  name: s3-credentials
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
              - ALL
            readOnlyRootFilesystem: true
          readinessProbe:
            httpGet:
              path: /ready
              port: http
            initialDelaySeconds: 30
            timeoutSeconds: 1
          volumeMounts:
            - name: config
              mountPath: /etc/loki/config
            - name: data
              mountPath: /var/loki
          resources:
            {}
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  app.kubernetes.io/name: loki-distributed
                  app.kubernetes.io/instance: loki
                  app.kubernetes.io/component: ingester
              topologyKey: kubernetes.io/hostname
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app.kubernetes.io/name: loki-distributed
                    app.kubernetes.io/instance: loki
                    app.kubernetes.io/component: ingester
                topologyKey: failure-domain.beta.kubernetes.io/zone
        
      volumes:
        - name: config
          configMap:
            name: loki-loki-distributed
        - name: data
          emptyDir: {}
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: loki-loki-distributed-querier
  labels:
    app.kubernetes.io/name: loki-distributed
    app.kubernetes.io/instance: loki
    app.kubernetes.io/version: "2.2.1"
    app.kubernetes.io/component: querier
    app.kubernetes.io/part-of: memberlist
spec:
  replicas: 1
  podManagementPolicy: Parallel
  updateStrategy:
    rollingUpdate:
      partition: 0
  serviceName: loki-loki-distributed-querier-headless
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      app.kubernetes.io/name: loki-distributed
      app.kubernetes.io/instance: loki
      app.kubernetes.io/component: querier
  template:
    metadata:
      annotations:
        checksum/config: 1cfe7aacd6108fd07a2d5e53dc3f297f622ef5c12a96105f65fbb92ff241858f
      labels:
        app.kubernetes.io/name: loki-distributed
        app.kubernetes.io/instance: loki
        app.kubernetes.io/component: querier
        app.kubernetes.io/part-of: memberlist
    spec:
      serviceAccountName: loki-loki-distributed
      
      securityContext:
        fsGroup: 10001
        runAsGroup: 10001
        runAsNonRoot: true
        runAsUser: 10001
      terminationGracePeriodSeconds: 30
      containers:
        - name: loki
          image: docker.io/grafana/loki:2.2.1
          imagePullPolicy: IfNotPresent
          args:
            - -config.file=/etc/loki/config/config.yaml
            - -target=querier
            - -config.expand-env=true
          ports:
            - name: http
              containerPort: 3100
              protocol: TCP
            - name: grpc
              containerPort: 9095
              protocol: TCP
            - name: http-memberlist
              containerPort: 7946
              protocol: TCP
          env:
            - name: MINIO_PROTO
              valueFrom:
                secretKeyRef:
                  key: MINIO_PROTO
                  name: s3-credentials
            - name: MINIO_HOST
              valueFrom:
                secretKeyRef:
                  key: MINIO_HOST
                  name: s3-credentials
            - name: MINIO_USERNAME
              valueFrom:
                secretKeyRef:
                  key: MINIO_USERNAME
                  name: s3-credentials
            - name: MINIO_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: MINIO_PASSWORD
                  name: s3-credentials
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
              - ALL
            readOnlyRootFilesystem: true
          readinessProbe:
            httpGet:
              path: /ready
              port: http
            initialDelaySeconds: 30
            timeoutSeconds: 1
          volumeMounts:
            - name: config
              mountPath: /etc/loki/config
            - name: data
              mountPath: /var/loki
          resources:
            {}
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  app.kubernetes.io/name: loki-distributed
                  app.kubernetes.io/instance: loki
                  app.kubernetes.io/component: querier
              topologyKey: kubernetes.io/hostname
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app.kubernetes.io/name: loki-distributed
                    app.kubernetes.io/instance: loki
                    app.kubernetes.io/component: querier
                topologyKey: failure-domain.beta.kubernetes.io/zone
        
      volumes:
        - name: config
          configMap:
            name: loki-loki-distributed
        - name: data
          emptyDir: {}
